Attached is a file named no-reply@victimdomain.tld_20151203_3248.doc which I have seen just a single sample of so far with a VirusTotal detection rate of 2/55, and which contains this malicious macro [pastebin]. Automated analysis tools [1][2] show that the macro downloads a component from the following location:

vinsdelcomtat.com/u5y432/h54f3.exe

There will probably be other versions of the document downloading from other locations, but for the moment the binary will be the same. This has a detection rate of 3/55 and this Malwr report shows that it communicates with a known bad IP of:

193.238.97.98 (PJSC DATAGROUP, Ukraine)

I strongly recommend that you block traffic to that IP. The payload is most likely to be the Dridex banking trojan.